MediaWiki REL1_31
MediaWiki\Shell\Shell Class Reference

Executes shell commands.

Static Public Member Functions

static command ( $command)
 Returns a new instance of Command class.
 
static escape ()
 Version of escapeshellarg() that works better on Windows.
 
static isDisabled ()
 Check if this class is effectively disabled via php.ini config.
 
static makeScriptCommand ( $script, $parameters, $options=[])
 Generate a Command object to run a MediaWiki CLI script.
 

Public Attributes

const NO_EXECVE = 16
 Deny execve syscall with seccomp.
 
const NO_LOCALSETTINGS = 32
 Deny access to LocalSettings.php (MW_CONFIG_FILE)
 
const NO_NETWORK = 8
 Restrict the request to have no network access.
 
const NO_ROOT = 1
 Disallow any root access.
 
const PRIVATE_DEV = 4
 Create a private /dev.
 
const RESTRICT_DEFAULT = 39
 Apply a default set of restrictions for improved security out of the box.
 
const RESTRICT_NONE = 0
 Don't apply any restrictions.
 
const SECCOMP = 2
 Use seccomp to block dangerous syscalls.
 

Detailed Description

Executes shell commands.

Since
1.30

Use call chaining with this class for expressiveness:

    $result = Shell::command( 'some command' )
        ->input( 'foo' )
        ->environment( [ 'ENVIRONMENT_VARIABLE' => 'VALUE' ] )
        ->limits( [ 'time' => 300 ] )
        ->execute();

    ... = $result->getExitCode();
    ... = $result->getStdout();
    ... = $result->getStderr();

Definition at line 44 of file Shell.php.

Member Function Documentation

◆ command()

static MediaWiki\Shell\Shell::command ( $command)
static

Returns a new instance of Command class.

Parameters
string|string[] $command  String or array of strings representing the command to be executed; each value will be escaped. Example: [ 'convert', '-font', 'font name' ] would produce "'convert' '-font' 'font name'"
Returns
Command

Definition at line 119 of file Shell.php.

References $args, $command, and MediaWiki\MediaWikiServices\getInstance().

Referenced by MediaWiki\Shell\Shell\makeScriptCommand().

◆ escape()

static MediaWiki\Shell\Shell::escape ( )
static

Version of escapeshellarg() that works better on Windows.

Originally, this fixed the incorrect use of single quotes on Windows (https://bugs.php.net/bug.php?id=26285) and the locale problems on Linux in PHP 5.2.6+ (bug backported to earlier distro releases of PHP).

Parameters
string $args,...  Strings to escape and glue together, or a single array of strings parameter. Null values are ignored.
Returns
string

Definition at line 164 of file Shell.php.

References $args, $tokens, and wfIsWindows().

Referenced by MediaWiki\Shell\Command\params().

◆ isDisabled()

static MediaWiki\Shell\Shell::isDisabled ( )
static

Check if this class is effectively disabled via php.ini config.

Returns
bool

Definition at line 138 of file Shell.php.

References wfDebug().

Referenced by MediaWiki\Shell\Command\__construct().

◆ makeScriptCommand()

static MediaWiki\Shell\Shell::makeScriptCommand ( $script,
$parameters,
$options = [] )
static

Generate a Command object to run a MediaWiki CLI script.

Note that $parameters should be a flat array and an option with an argument should consist of two consecutive items in the array (do not use "--option value").

Parameters
string $script  MediaWiki CLI script with full path
string[] $parameters  Arguments and options to the script
array $options  Associative array of options:
    'php': The path to the php executable
    'wrapper': Path to a PHP wrapper to handle the maintenance script
Returns
Command

Definition at line 236 of file Shell.php.

References $options, $wgPhpCli, and MediaWiki\Shell\Shell\command().
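
The per-element escaping described for command() and the flat-array rule for makeScriptCommand() can be observed with the following added example, which is not MediaWiki code. The helpers quoteArgv(), run() and argvSeenByChild() are hypothetical, use PHP's escapeshellarg() in place of Shell::escape(), and assume a POSIX /bin/sh; all inputs are constructed.

```php
<?php
// Added illustration, not MediaWiki code. quoteArgv() stands in for the array
// form of Shell::command(): each element is quoted separately. It uses PHP's
// escapeshellarg(), not Shell::escape(), and assumes a POSIX /bin/sh.
function quoteArgv( array $argv ): string {
    return implode( ' ', array_map( 'escapeshellarg', $argv ) );
}

// Run a shell command line and return its stdout lines.
function run( string $commandLine ): array {
    exec( $commandLine, $lines );
    return $lines;
}

// Arguments as the child process received them: printf repeats its format
// once per argument, so each output line is exactly one argv entry.
function argvSeenByChild( array $params ): array {
    return run( quoteArgv( array_merge( [ 'printf', '[%s]\n' ], $params ) ) );
}

// Constructed sample inputs.
$hostile = "a'; echo INJECTED #";
$cases = [
    'value with a space (the page\'s example)' => [ '-font', 'font name' ],
    'option and argument as two items' => [ '--option', 'value' ],
    '"--option value" as a single item' => [ '--option value' ],
    'shell metacharacters in a value' => [ $hostile ],
];

foreach ( $cases as $label => $params ) {
    echo $label, "\n  command: ", quoteArgv( $params ), "\n";
    foreach ( argvSeenByChild( $params ) as $arg ) {
        echo "  child saw: ", $arg, "\n";
    }
}

// Contrast: the same value spliced into a command string by hand. The quote
// inside $hostile ends the literal early and the shell runs the remainder.
$naive = "printf '[%s]\\n' '" . $hostile . "'";
echo "hand-built string\n  command: ", $naive, "\n";
foreach ( run( $naive ) as $line ) {
    echo "  shell output: ", $line, "\n";
}
```

The third case shows why the note forbids "--option value": quoted as one element, it reaches the child as a single argument rather than an option followed by its value.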

Member Data Documentation

◆ NO_EXECVE

const MediaWiki\Shell\Shell::NO_EXECVE = 16

Deny execve syscall with seccomp.

See also
https://en.wikipedia.org/wiki/exec_(system_call)
Since
1.31

Definition at line 95 of file Shell.php.

Referenced by MediaWiki\Shell\FirejailCommand\buildFinalCommand().

◆ NO_LOCALSETTINGS

const MediaWiki\Shell\Shell::NO_LOCALSETTINGS = 32

Deny access to LocalSettings.php (MW_CONFIG_FILE)

Since
1.31

Definition at line 102 of file Shell.php.

Referenced by MediaWiki\Shell\FirejailCommand\buildFinalCommand().

◆ NO_NETWORK

const MediaWiki\Shell\Shell::NO_NETWORK = 8

Restrict the request to have no network access.

Since
1.31

Definition at line 87 of file Shell.php.

Referenced by MediaWiki\Shell\FirejailCommand\buildFinalCommand().

◆ NO_ROOT

const MediaWiki\Shell\Shell::NO_ROOT = 1

Disallow any root access.

Any setuid binaries will be run without elevated access.

Since
1.31

Definition at line 64 of file Shell.php.

Referenced by MediaWiki\Shell\FirejailCommand\buildFinalCommand().

◆ PRIVATE_DEV

const MediaWiki\Shell\Shell::PRIVATE_DEV = 4

Create a private /dev.

Since
1.31

Definition at line 79 of file Shell.php.

Referenced by MediaWiki\Shell\FirejailCommand\buildFinalCommand().

◆ RESTRICT_DEFAULT

const MediaWiki\Shell\Shell::RESTRICT_DEFAULT = 39

Apply a default set of restrictions for improved security out of the box.

Equal to NO_ROOT | SECCOMP | PRIVATE_DEV | NO_LOCALSETTINGS

Note
This value will change over time to provide increased security by default, and is not guaranteed to be backwards-compatible.
Since
1.31

Definition at line 56 of file Shell.php.

Referenced by MediaWiki\Shell\CommandFactory\create().
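
The following added example, not part of MediaWiki, decodes a restriction mask into the flag names documented on this page and reports which flags a required set is missing. The constant values are copied from this page and redefined locally so the script runs without MediaWiki; decodeMask(), missingFrom() and the sample policy are hypothetical.

```php
<?php
// Values copied from this page (REL1_31) and redefined locally so the script
// runs without MediaWiki; real code would use the Shell:: constants.
const FLAGS = [
    'NO_ROOT' => 1, 'SECCOMP' => 2, 'PRIVATE_DEV' => 4,
    'NO_NETWORK' => 8, 'NO_EXECVE' => 16, 'NO_LOCALSETTINGS' => 32,
];
const RESTRICT_DEFAULT = 39;

// Names of the flags set in $mask; rejects bits this page does not define.
function decodeMask( int $mask ): array {
    $unknown = $mask & ~array_sum( FLAGS );
    if ( $unknown !== 0 ) {
        throw new InvalidArgumentException( "Undefined restriction bits: $unknown" );
    }
    $names = [];
    foreach ( FLAGS as $name => $bit ) {
        if ( ( $mask & $bit ) === $bit ) {
            $names[] = $name;
        }
    }
    return $names;
}

// Flags a policy requires that $mask does not set (hypothetical helper).
function missingFrom( int $mask, array $requiredNames ): array {
    return array_values( array_diff( $requiredNames, decodeMask( $mask ) ) );
}

// Constructed policy for a command that should never reach the network
// or start another program.
$policy = [ 'NO_ROOT', 'SECCOMP', 'NO_NETWORK', 'NO_EXECVE' ];

echo 'default: ', implode( ' | ', decodeMask( RESTRICT_DEFAULT ) ), "\n";
echo 'missing: ', implode( ', ', missingFrom( RESTRICT_DEFAULT, $policy ) ), "\n";

// Build the stricter mask from named flags instead of a numeric literal,
// since the page warns that RESTRICT_DEFAULT will change over time.
$strict = RESTRICT_DEFAULT | FLAGS['NO_NETWORK'] | FLAGS['NO_EXECVE'];
echo 'strict : ', implode( ' | ', decodeMask( $strict ) ), "\n";
echo 'missing: ', implode( ', ', missingFrom( $strict, $policy ) ) ?: '(none)', "\n";
```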

◆ RESTRICT_NONE

const MediaWiki\Shell\Shell::RESTRICT_NONE = 0

Don't apply any restrictions.

Since
1.31

Definition at line 109 of file Shell.php.

◆ SECCOMP

const MediaWiki\Shell\Shell::SECCOMP = 2

Use seccomp to block dangerous syscalls.

See also
https://en.wikipedia.org/wiki/seccomp
Since
1.31

Definition at line 72 of file Shell.php.

Referenced by MediaWiki\Shell\FirejailCommand\buildFinalCommand().


The documentation for this class was generated from the following file: